Thursday, 6 October 2011

GRUB (GRand Unified Bootloader is the bootloader) commonly installed by Linux distributions on your hard disk. GRUB is responsible for showing you the menu and it allows you to choose the operating system you want to boot.... :)

Here are some steps, Follow it to protect GRUB entries:

open terminal. Type grub and press enter. The prompt would change to something like ‘grub>’.

Entermd5crypt at the GRUB prompt. Type in the password when prompted for and press enter. The command will return you password encrypted as an md5 hash.

Now we need to edit the /boot/grub/menu.lst file. in case of redhat use /boot/grub.conf.

Enter the line password --md5 before the line that reads: “BEGIN AUTOMAGIC KERNEL LIST” you can write it anywhere.

If you save the file at this moment without any further edits you would have locked down interactive editing in GRUB. The administrator or in this case you would have to press ‘p’ key and enter the correct password to access these advanced options.

If in addition you want to lock down specific menu entries, you should add the word lock all by itself on a separate line just after the title specification for each entry in the menu.

The next time anyone tries to select the locked menu entry he/she will be required to enter a password before he/she can boot into the corresponding operating system, and that is so cool....

To lock the recovery mode entries it is best to change the line lockalternative=false tolockalternative=true. This will lock down all future recovery mode entries as well even if you update the kernel.